“context informed information infrastructures for better situational awareness”

In a previous blog ‘network situational awareness: sonification & visualization in the cyber battlespace’, I suggested that computer networks may be viewed as a cyber warfighting domain in which the maintenance of situational awareness is impaired by increasing traffic volumes and the lack of immediate sensory perception. It was proposed that sonification (the use of non-speech audio for communicating information) is a viable means of monitoring a network in real time, and that a system could make use of affective computing principles to sonify emergent properties (such as self-organized criticality) of network traffic and behaviour to provide effective real-time situational awareness.

In this blog a prototype sonification tool is presented, which may be viewed as an information fusion system, allowing the infrastructure to find new ways to reflect upon its own state and to express this state in a way that provides a good fit to human communication and cognition processes. It is suggested that this interplay should then generate a better and more responsive human-computer symbiosis, able to extract meaning and understanding from network data and behaviour.

Introduction

Communication networks involve the transmission and reception of large volumes of data. Network traffic volumes will continue to increase and the behaviour of global information infrastructures when dealing with these data volumes is unknown. Human operators, when trying to understand the current state of a system, must first perceive the relevant elements of data, and then comprehend their meaning and significance, before anticipating what the implications of this system state are in terms of the actions required of them. Only then – with this situational awareness – can they make a decision about the system criticalities and have a better understanding of what action to take.

What is situational awareness?

Well, Endsley’s (1995) definition

“the perception of elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future,”

will serve as a useful introduction. However, what does that mean?

To begin with, the study of situational awareness has its roots in military theory, and has the goal of understanding the state of a particular scope and using that understanding to make decisions about how to proceed and respond to events. There are different models and frameworks for situational awareness in the computer networks field, but there is general agreement that its core consists of three levels (Endsley, 1995):

1)  Perception — becoming aware of situational events;

2)  Comprehension — interpreting what is happening to form a situational understanding of the events;

3)  Projection (i.e., prediction) — using the understanding to inform what actions (if any) should be taken to control the network.

So in essence situational awareness is a process, consisting of (i) becoming conscious of the immediate environment, and (ii) understanding how temporal/spatial events (which you may or may not control) will impact on that environment. It is generally understood that inadequate situational awareness is an element of poor decision-making, especially in those situations that are composed of high information flow, with any disastrous consequences resulting from that poor decision-making being attributed to ‘human error’ (Ministry of Defence, 2010; Angerman, 2004).

There are situations where having a good awareness of the current environment, and making the correct decision within a strict time frame is critical, e.g., air traffic controllers, network administrators. However, monitoring systems providing multiple information sources and formats while assisting the decision-making team will require the team to decipher, analyze and understand those multiple sources. In such time-critical situations, the situational awareness requirement will not remain stable. It could be argued that with an unforeseen event such as an air traffic incident, or malicious infrastructure activity, the successful response to those non-standard events would require a more detailed and informed situational awareness (Smith, 2013).

Unfortunately, cyberspace is characterized, amongst many things, by a lack of natural visibility and tangibility. Humans have sense-based defensive postures. Sight, smell, feel and sound underpin our innate defensive posture. The challenge of cyberspace is that none of these senses, the core of our sensory toolkits, are effective in the cyber environment without technology and tools. Network administrators therefore depend upon these tools, and the way in which they have been developed and configured, to provide them with the necessary situational awareness to make sense of the network’s behaviour.

However, it is not unreasonable to expect that such unforeseen events would cause increased cognitive workload, thereby impacting on the situational awareness and consequently the decision-making time. During this decision-making process, the perceived situational awareness being used during that process will be influenced by the cognitive effort needed to acquire and comprehend that situational awareness (Smith, 2013). The authors in trying to overcome this cognitive effort have proposed a novel way of making data perceptible.

One of the challenges faced when analyzing data is perceptualization, that is, making the data and its properties apprehensible. This thread runs through a number of components in the intelligence cycle. Visualization of data is the process by which intangible and invisible (or possibly merely incomprehensible) data is put in a form in which it can be apprehended and understood by those seeking to convert it to intelligence, or communicate it to those whose duty is to make the decisions required to hold the initiative. This process must be completed in a consistent and timely manner, if it is to produce intelligence that is reliable and useful.

Sonification for Network Monitoring

A particularly striking feature of the three-level model (Endsley, 1995) is that the first two levels — perception and comprehension — correspond directly with Pierre Schaeffer’s two basic modes of musical listening, écouter (hearing, the auditory equivalent of perception) and entendre (literally ‘understanding’, the equivalent of comprehension). Schaeffer was writing within a musical arts context but Vickers (2012) demonstrated how these modes are applicable to sonification, the auditory equivalent of visualization.

Sonification is a branch of auditory display, a family of representational techniques in which non-speech audio is used to convey information. Here, data relations are mapped to features of an acoustic signal which is then used by the listener to interpret the data. Sonification has been used for many different types of data analysis (see Hermann et al., 2011, for a broad and recent treatment of the field) but one for which it seems particularly well suited is live monitoring, as would be required in situational awareness applications. The approach described in this chapter provides one way of addressing the challenges outlined above by enabling operators to monitor infrastructures concurrently with other tasks using additional senses. This increases the available bandwidth of operators without overloading individual cognitive functions, and provides a fast and elegant route to practical situational awareness using multiple senses and an increased range of cognitive ability.

Situational awareness requires intelligence to be provided in real time. A major challenge with live real-time network monitoring is that, with the exception of alarms for discrete events, the administrator needs to attend to the console screen to see what is happening. Spotting changing or emerging patterns in traffic flow would need long-term attention to be focused on the display. Therefore, sonification has been proposed as a means of providing situational awareness.

Monitoring tasks can be categorized as direct, peripheral, or serendipitous-peripheral (Vickers, 2011):

“In a direct monitoring task we are directly engaged with the system being monitored and our attention is focused on the system as we take note of its state. In a peripheral monitoring task, our primary focus is elsewhere, our attention being diverted to the monitored system either on our own volition at intervals by scanning the system . . . or through being interrupted by an exceptional event signalled by the system itself.”

A system to sonify network traffic thus allows us to monitor the network in a peripheral mode. In a peripheral monitoring task,

“our primary focus is elsewhere, our attention being diverted to the monitored system either on our own volition at intervals by scanning the system … or through being interrupted by an exceptional event signalled by the system itself” (Vickers, 2011).

Hence, the monitoring becomes a secondary task for the operator who can carry on with some other primary activity. Serendipitous-peripheral is like peripheral monitoring except that the information gained “is useful and appreciated but not strictly required or vital either to the task in hand or the overall goal” (Vickers, 2011). Thus, a system to sonify network traffic may allow us to monitor the network in a peripheral mode, the monitoring becoming a secondary task for the operator who can carry on with some other primary activity. Network traffic is a prime candidate for sonification as it comprises series of temporally-related data which may be mapped naturally to sound, a temporal medium (Vickers, 2011).

Gilfix and Crouch’s (2000) PEEP system is an early network sonification example, but Ballora et al. (2010; 2011; 2012) developed the idea to address situational awareness. Using an auditory model of the network packet space they produced a “nuanced soundscape in which unexpected patterns can emerge for experienced listeners”. Their approach used the five-level JDL fusion model, which is concerned with integrating multiple data streams such that situational awareness is enhanced (Blasch & Plano, 2002). However, Ballora et al. (2010) noted that the high data speeds and volumes associated with computer networks can lead to unmanageable cognitive loads. They concluded:

“The combination of the text-based format commonly used in cyber security systems coupled with the high false alert rates can lead to analysts being overwhelmed and unable to ferret out real intrusions and attacks from the deluge of information. The Level 5 fusion process indicates that the HCI interface should provide access to and human control at each level of the fusion process, but the question is how to do so without overwhelming the analyst with the details.”

Towards an Intelligent Information Infrastructure

While the study of situational awareness has its origins in military research, recent work has taken it out of the military zone and into social media, where a new field of ‘data fusion’ explores patterns of influence, location, identity and interactions between individuals and groups. Hall and Jordan (2010) have described the importance of hybrid human-computer systems in intelligent data fusion, arguing that:

“the human analyst augments the traditional automated reasoning of computer-based fusion systems by explicitly using human cognition for pattern recognition (via visual and aural processing) as well as using semantic reasoning for context-based interpretation of evolving situations”

In one important sense this research on human-centred information fusion is an extension of earlier work. In an influential series of studies, Clifford Nass and colleagues at Stanford demonstrated that social responses to computers are both commonplace and natural and that people tend to relate to their computers in the same way as they communicate with other people (Nass, et al., 1994; Reeves & Nass, 1996). Recently, designers have used this human-computer symbiosis for social engineering purposes, creating persuasive technologies where the user ‘tends’ the computer, with examples including the UbiFit Garden (a digital garden that blooms on a mobile phone in response to the user undertaking target levels of exercise) or anthropomorphic proxies of various kinds that evoke nurturing behavior in the human ‘owner’ such as the e-pet (Tanviruzzaman, et al., 2009) or the Biometric Daemon (Briggs & Olivier, 2008). Marsh et al. (2011) have taken this one step further in describing a new concept, Device Comfort, which is “the feeling of comfort that a device should be able to draw on from its current context” and is a means of dynamically sensing the environment and making a trust judgment in respect of that environment. Comfort levels can then be communicated to a user who will seek a means of repair if the system is uneasy.

What do we mean by ‘current context’?

One meaning may be found in the way systems manage complexity. Complex natural systems appear to exhibit an emergent property known as ‘self-organized criticality’ (soc), by which the system responds to critical events in order to restore equilibrium (Bak, et al., 1987). Complex information structures also appear to manifest self-organized criticality (Yang, et al., 2006; Crovella & Bestavros, 1997; Leland, et al., 1993). The main characteristics of a self-organized critical system are power law fluctuations, and we propose that these power law fluctuations could drive the system’s inferred comfort level. Modern networks demonstrate periods of very high activity alternating with periods of relative calm, a characteristic known as ‘burstiness’ (Leland, et al., 1993). It was commonly thought that Ethernet traffic displayed Poisson or Markovian distributions. Traffic would thus possess a characteristic burst length, which would be smooth when averaged over a time scale (Crovella & Bestavros, 1997). However, network traffic has been shown to have significant variance or burstiness over a range of time scales. Such traffic can be described using the statistical concept of self-similarity and it has been established that Ethernet traffic exhibits this (Valverde & Sole, 2002).

In a wavelet analysis of the burstiness of self-similar computer network traffic, Yang et al. (2006) demonstrated that the avalanche volume, duration time, and the inter-event time of traffic flow fluctuations obey power law distributions. According to Bak et al. (1987) such power law distributions in complex systems are evidence of soc, and soc is a function of an external driving force and internal relaxation process with a separation of time scales between them. However, since the time taken before an internal relaxation process occurs is non-deterministic, so then is the threshold at which the internal relaxation process occurs. Thus, a system can exhibit many differing states, each of which is ‘barely stable’, a condition called metastability (Bak et al., 1987). Valverde and Solé (2002) showed how network traffic exhibits the critical states associated with soc, while work by Laing & Vickers (EPSRC/TSB Project BK008B) looked at identifying and measuring soc, which resulted in the development of a prototype sonification tool for the visualization of soc in network traffic (UK Patent Application no. GB1205564.6 filed on 29 March 2012).

Prototype Sonification Tool

For purposes of illustration, the prototype tool sonifies the log returns of the following time-dependent network traffic data items: number of bytes sent, number of packets sent, number of bytes received, and number of packets received by the network, which we call bs, ps, br, pr respectively. These variables represent the total number of packets and bytes sent and received in a given time interval, t, t′. As soc has been shown to exist across multiple timescales, network traffic could be sampled at any regular interval. The size of the interval was not specified and is at the discretion of the user. soc properties can be observed by comparing the log return values of successive samples of time series data.

The log return values were fed as input into the sonification tool. Each log return value is used to control the parameters of an individual sound generator (or voice). In the example shown here there are four voices but the system can be extended to include as many voices as there are data dimensions to be monitored. A voice can be a synthesized tone generated in real time or it can be a segment of sampled audio that is played back as a repeated loop. The prototype setup consisted of three traffic variables that were mapped to loop-based voices, whilst a fourth was mapped to a synthesized voice. The loops and synthesized voices could, in principle, be any sound, but it is recommended to use sounds with large broadband noise components to minimize perceptual distraction. In the version described here, the channels contained different sounds that combined to make a countryside soundscape (e.g., running stream, rain, crickets, and so forth). This enables the various audio channels to be attended to as a single coherent whole, but alterations in any single channel will stand out.

The log return value of each data stream was used to modulate the corresponding voice. This may be done by increasing/decreasing the amplitude, altering the voice’s position in a sound field (e.g., left-right pan in a stereo field, front/back/left/right in a surround-sound field, or front/back/left/right and azimuth in a full three-dimensional sound field), altering the voice’s phase, or altering its spectral characteristics (e.g., by changing the parameters of a band-pass filter). The prototype tool used the four data streams to modulate 1) the amplitude of the voices and 2) the centre frequency and resonance value of a bandpass filter. Each log return value was scaled to a range of values appropriate for the control it was being used to modulate.

The socs (self-organized criticality sonification) tool was implemented using the Pure Data audio programming environment, and a Python script for dealing with the capture of network packets and the transmission to the tool of the log return values of the variables being monitored. Figure 1 shows a screen shot of the application as it looks to the user. The application has four principal sections: network input (A), channel processing (B), the mixer (C), and the graph view (D). The network input section contains a module that receives the log returns generated by the Python script. The channel processing section contains four similar units: three for dealing with audio loop playback and one for dealing with synthesized tone playback. Each of the four units contains a scaler module and a band pass filter module. The three loop-based units also contain modules for loading and playing back the pre-recorded audio files. The synthesizer unit contains modules for generating and filtering white noise. Each of these four channel processors contains a real-time graphic plot, which shows the values of the log returns. The mixer section (C) allows the relative amplitudes of the four channels to be set. These four channels were then mixed down to a single stereo output, which was sent to the host computer’s audio hardware. The graph view (D) plots the aggregate network traffic in real-time, which allows visual reference to be made when something of interest is heard.

 


Figure 1. The socs application. Section A deals with reading the network traffic from the capture device. Section B contains the voice definitions to which each traffic variable is mapped. Section C is a mixer to convert the four separate audio streams into a single stereo feed. Section D is a graphical display of the combined variables being monitored. The channel graph plots are updated more frequently than the aggregate graph plot.

The network input section (A) contains taps to turn on and off the four data streams that are being sonified. This allows the operator to generate an overall soundscape of all the network variables being monitored or to focus on a desired subset. Additionally, the mixer section (C) allows the overall balance between the soundscape channels to be adjusted as desired.

The system was tested with a number of traffic data sets captured from live networks. Traffic data were aggregated over 1s intervals and the number of bytes and packets sent and received per interval were fed to the socs application. Each time a set of log return values is received the system uses the values to modulate the four respective audio channels.

When the traffic is exhibiting normal patterns small fluctuations in log return values do not lead to very noticeable changes in the soundscape, either in amplitude or timbre. However, when one or more very large log returns occur (such as would be expected during a dynamic system relaxation event) the corresponding soundscape experiences a very noticeable change: the amplitude increases greatly and the timbre becomes brighter as the Q point of the band pass filters is moved up in the frequency range (see Figure 2).


Figure 2. This screen shot of the voice channel section shows log return spikes occurring on all four channels with the largest values occurring in the sent bytes and sent packets streams. These spikes generate a noticeable increase in the amplitude and brightening of the timbre of the soundscape.

On hearing an event like this (situational awareness level 1 — Perception) the network administrator would be drawn to inspecting the state of the network (situational awareness level 2 — Comprehension) to see if any action needs to be taken (situational awareness level 3 — Projection). Then comes the stage of managing the action, which itself requires situational awareness as actions are taken to address the situation. In a healthy network one would expect a number of significant changes in the soundscape over time as relaxation events occur (much as a sandpile would undergo shifts in its topology as sand is added to it over time). Some of these events may go unnoticed by the administrator (if, for example, they left the monitoring station for a short period of time) but this would not be harmful. What will be of particular interest is when there is an extended series of repeated high log return values, which might indicate growing instability in the network. An extended period of increased soundscape amplitude serves as a clear alert to the administrator.
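The log-return pipeline described above (per-interval counters, log returns, scaling to voice controls) and the "extended series of repeated high log return values" condition can be sketched as follows. This is an added example, not the socs tool's own code: the counters are constructed sample data, and the zero-count floor, control ranges, threshold and run length are assumptions.

```python
import math

STREAMS = ("bs", "ps", "br", "pr")  # bytes/packets sent, bytes/packets received

# Constructed per-second counters (not real traffic). bs/ps contain one
# isolated spike and then an extended burst; pr contains one idle interval.
COUNTS = {
    "bs": [1000, 1050, 980, 6000, 1000, 1020, 990, 8000, 900, 9000, 1000, 1010],
    "ps": [10, 11, 10, 60, 10, 10, 10, 80, 9, 90, 10, 10],
    "br": [2000, 2100, 1900, 2000, 2050, 1950, 2000, 2100, 2000, 1900, 2000, 2050],
    "pr": [20, 21, 0, 20, 21, 19, 20, 21, 20, 19, 20, 21],
}


def log_returns(series, floor=1):
    """Log return ln(x_t / x_(t-1)) for successive samples of one stream.

    Counts are floored at `floor` (an assumed choice) so that an idle interval
    with a zero count gives a large but finite value instead of a domain error.
    """
    clipped = [max(x, floor) for x in series]
    return [math.log(cur / prev) for prev, cur in zip(clipped, clipped[1:])]


def scale(r, lo, hi, max_abs=3.0):
    """Map |r| in [0, max_abs] linearly onto [lo, hi], clamping larger values."""
    frac = min(abs(r), max_abs) / max_abs
    return lo + frac * (hi - lo)


def voice_controls(r):
    """Control values for one voice; both ranges are assumptions."""
    return {"amp": scale(r, 0.1, 1.0), "centre_hz": scale(r, 200.0, 4000.0)}


def sustained_runs(returns, threshold=1.0, min_len=3):
    """Inclusive (start, end) index pairs where |log return| stays at or above
    `threshold` for at least `min_len` consecutive samples."""
    runs, start = [], None
    for i, r in enumerate(returns):
        if abs(r) >= threshold:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, i - 1))
            start = None
    if start is not None and len(returns) - start >= min_len:
        runs.append((start, len(returns) - 1))
    return runs


def monitor(counts, threshold=1.0, min_len=3):
    """Per-stream sustained runs: the condition worth an operator's attention."""
    return {s: sustained_runs(log_returns(counts[s]), threshold, min_len)
            for s in STREAMS}


if __name__ == "__main__":
    for s in STREAMS:
        peak = max(log_returns(COUNTS[s]), key=abs)
        print(s, "peak log return %+.2f ->" % peak, voice_controls(peak))
    print("sustained runs:", monitor(COUNTS))
```

The isolated spike in bs/ps and the idle interval in pr each produce only two consecutive large log returns, so they change the soundscape briefly without being reported as a sustained run; only the extended burst is.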

The combination of using a system’s self-organized criticality as the underlying data set for situational awareness and a tool for sonifying this soc offers a number of potential advantages. First, because soc is an emergent property of the network as a whole, and can be seen at different time scales, it means that one can get an impression of the overall state of a network by monitoring a relatively small number of data streams, thereby ameliorating the problems of extreme volumes and speeds of data identified by previous researchers. Second, the sonification approach allows for the real-time presentation of simple, but relevant data via a medium that lets network administrators work at situational awareness levels 1 and 2 without having to keep a visual focus on a complex graphical display. Third, because soc manifests itself fractally and across timescales, whatever data-sampling interval is chosen, any changes in network criticality will still be identifiable.

A Future Research Direction

In a physical space an individual acquires situational awareness through the perception and comprehension of events. One may start to feel a sense of unease or disquiet if a situation seems to be taking a turn for the worse. Given the inherent intangibility of system network events it is worth considering whether the network (or some computational engine working inside it) could itself gather intelligence about events and draw its own conclusions about the relative benignity or malignancy of developing situations. Affective computing is the study of computational systems that can recognize or simulate human emotions and affective states. Therefore, it is theoretically possible to design a monitoring agent that would simulate affective states related to the current state of a network and communicate these to a human operator. This would, potentially, enable the operator to know when the network itself is starting to ‘feel’ uncomfortable.

In this model, the system monitors its internal state, deduces its level of comfort and communicates this to the user. Discomfort might be induced by anomalies in the behaviours of users, interconnected systems and the environment, as well as breaches of specific policies. The system could employ different methods for communicating issues to the user (Marsh, et al., 2011), and for encouraging second thoughts in decision-making (Storer, et al., 2013), potentially enhancing situation awareness and speed of response to critical incidents.

In this proposal we are particularly interested in the kinds of communication that might engender a social bond between user and system, thus promoting data fusion; however, communication modality is critical here. A major challenge with live real-time monitoring is that, with the exception of alarms for discrete events, operators must attend to the console screen to see what is happening. Spotting changing or emerging patterns in the network’s comfort would need long-term attention to be focused on the display. The need to continuously attend to a visual display renders execution of other tasks difficult or impossible and inhibits wider situation awareness (Vickers, 2011). Such process monitoring of temporally related data potentially lends itself well to sonification, which has been used effectively in place of visual displays by Laing & Vickers (EPSRC/TSB Project BK008B) to communicate information about the traffic on a computer. Sonification could be employed in what Marsh et al. (2011) call Augmented Infrastructures – i.e., infrastructures that more naturally allow ‘in the field’ operators, as well as interested citizens, to interactively monitor and check in real time the status (comfort) of particular nodes in infrastructures.

In addition, sonification, because of its temporal rather than spatial representational nature offers the scope for creating a real-time affective system that keeps human operators continually in touch with the state of the network. Winters and Wanderley (2013) showed how sonification can communicate affective states in the traditional arousal—valence space. Taking this concept further, Kirke & Miranda’s (2013) pulsed melodic affective processing (PMAP) technique provides a mechanism for creating an affective sonification system in which the objects of interest being monitored constantly communicate their state using a sonification-based communications protocol; robots in a collaborative simulation communicate their affective state to a human listener.

It is anticipated that allowing the information infrastructure to reflect on its current context, dynamically sensing the environment, making a trust judgment in respect of that environment, and communicating that judgment to a user should then generate a better and more responsive human-computer symbiosis leading to improved situation awareness. This, in turn, should generate better decision-making (although obviously individual and task factors can play a mediating effect). The proposed project consists of two work packages.

Objective 1:

Identify how the communication of the information infrastructures’ current context can enhance the operators’ situational awareness. Okathe et al., (2013) investigate the modelling of comfort for critical infrastructures, most specifically in terms of the use of comfort as a lightweight language for inter-infrastructure communication. This work takes into account the fact that different infrastructures value different forms and contexts of information, some discounting or ignoring variables that may be vital for others. The language of comfort between infrastructures allows nodes within these infrastructures to communicate risk or security concerns without recourse to irrelevant or unneeded information. Whilst this is currently a work in progress, it has direct implications for how the operators of these infrastructures can monitor and understand their infrastructure’s status as it relates to that of other infrastructures. We discussed above the concept of Augmented Infrastructures, which allow direct communication in the field to operators, and here extend this notion to control centres where status is monitored. In this stage we will consider operators in such a centre as well as in the field. Specifically, we will build a simulation to explore the means by which system comfort will be communicated to operators, asking: if comfort is used as a basis for communication, what effect will it have on operator behaviour as measured by (i) situational awareness – as measured by efficiency of problem detection and comprehension of system state; (ii) user motivation – are operators more inclined to ‘dig down’ for more infrastructure-related information; (iii) user trust and confidence – is the user well calibrated with the system state and do user and system experience symbiosis? 
Further, we will explore the use of communication and visualisation techniques such as sonification to ask whether the means and mode of communication of ‘comfort’ have an effect on (i) – (iii) above. Finally, we ask whether such mechanisms might also be used for peer-to-peer human-based communications amongst infrastructure operators to enhance the cross-infrastructure sharing of information?

Objective 2:

Identify how the infrastructures’ reflection on its current context can be used to enhance its behaviour. In Objective 1 we are considering how an intelligent infrastructure could communicate risk or security concerns to its operators, with the operators then taking some ameliorating action. In Objective 2, we propose a way by which an intelligent infrastructure could use its awareness of its context to adapt and change (for instance, by altering its ‘risky’ behaviour, or enhancing its security posture). We will extend the simulation developed in Objective 1 to include an adaptive network using the methodology outlined in (Bentley, 2005), and (as discussed previously) an emergent property of complex systems known as self-organized criticality (soc). At this stage, it will be necessary to identify and monitor an information infrastructure’s self-organized criticality; a system exhibiting soc will have spatial fractals and temporal 1/f fluctuations (Bak et al., 1987). Task (i) the identification of an information infrastructure’s spatial fractals and temporal 1/f fluctuations. Another characteristic of systems displaying soc is ‘metastability’; a system undergoing soc will have many differing states, each of which will be ‘barely stable’, and at the transition point (from instability to stability) spatial self-similarity occurs (Bak et al., 1987).  Task (ii) the identification of an information infrastructure’s spatial self-similarity. We hypothesize that this spatial self-similarity represents a fractal like geometry, with a ‘fractal dimensionality’. Consequently, this fractal structure and dimensionality functioning as an adaptive regulatory network (Bentley, 2005) would act as a management and service-aware system (the operating system, controlling all aspects of the infrastructure, for observing, orientating, deciding, acting) for the information infrastructure. 
Task (iii) using the methodology outlined in (Bentley, 2005) to develop adaptive regulatory networks for use as an infrastructure service-aware management system. As well as providing for the adaptation of information infrastructures, additional outcomes of this Work Package could be the verification of the work by Kuehn (2012). Kuehn, while investigating self-organized critical adaptive networks, concluded that information processing in complex systems exhibiting steady-state criticality could reach optimal noise values (Kuehn, 2012). Task (iv) verifying that information processing within an information infrastructure that is exhibiting steady-state criticality displays optimal noise values. If this is the case then soc will be a better explanation of network behaviour than either Poisson or Markovian distribution profiles, and as such may result in more robust and resilient information infrastructures; soc may offer earlier warnings of potentially destabilizing events or situations.

Conclusions

We have proposed an agenda for future research to develop an intelligent information infrastructure, able to (i) communicate the information infrastructure’s current context, and thereby help to enhance the operators’ situational awareness, and then (ii) reflect on its current context to enhance its behaviour. This agenda involved the collaboration of a number of dissimilar activities, namely, sonification, self-organized criticality, network context, and affective computing, which the authors believe will yield benefits for the field of network situation awareness.

Acknowledgment

The authors gratefully acknowledge the input of Tom Fairfax [SRM Ltd, UK], Pam Briggs [Northumbria University, UK], Stephen Marsh [University of Ontario, Canada], and especially Jonathan Christison [a final-year student on Northumbria University’s BSc Ethical Hacking for Computer Security] who provided assistance with constructing the Python packet sniffer. Patent Applied For: This article is the subject of UK Patent Application no. GB1505931.4 filed on 8 April 2015.

References

Angerman, W. S. (2004). Coming full circle with Boyd’s OODA loop ideas: An analysis of innovation diffusion and evolution. Unpublished master’s thesis, Airforce Institute of Technology, Wright-Patterson AFB, Ohio, USA.

Bak, P., Tang, C., & Wiesenfeld, K. (1987). Self-organized criticality: An explanation of the 1/f noise, Phys. Rev. Lett., (59) 4, pp. 381– 384.

Ballora, M., Panulla, B., Gourley, M., & Hall, D. L. (2010). Preliminary steps in sonifying web log data. In E. Brazil (Ed.), 16th International Conference on Auditory Display, pp. 83-87, Washington, DC: ICAD.

Ballora, M., Giacobe, N. A., & Hall, D. L. (2011). Songs of cyberspace: an update on sonifications of network traffic to support situational awareness, in SPIE Defense, Security, and Sensing, pp. 80640P–80640P.

Ballora, M., Giacobe, N. A., McNeese, M., & Hall, D. L. (2012). Information data fusion and computer network defense. In C. Onwubiko & T. Owens (Ed.), Situational Awareness in Computer Network Defense: Principles, Methods and Applications. IGI Global.

Bentley, J. P. (2005). Controlling robots with fractal gene regulatory networks, in Recent Developments in Biologically Inspired Computing (L. De Castro and F. von Zuben, eds.), pp. 320-339, London: Idea Group Publishing, 2005, ISBN: 1591403138.

Blasch, E. P., & Plano, S. (2002). JDL level 5 fusion model: User refinement issues and applications in group tracking, in Proc. SPIE, Vol. 4729, pp. 270–279.

Briggs, P., & Olivier, P. (2008). Biometric daemons: Authentication via Electronic Pets, in Proceedings CHI 2008, Florence Italy, April 5-10, ACM Press.

Crovella, M. E., & Bestavros, A. (1997). Self-similarity in world wide web traffic: Evidence and possible causes, IEEE/ACM Trans. Netw., (5) 6, pp. 835–846.

Endsley, M. (1995). Toward a theory of situation awareness in dynamic systems, Human Factors, 37(1), pp. 32-64.

Gilfix, M., & Couch, A. L. (2000). Peep (the network auralizer): Monitoring your network with sound. In 14th System Administration Conference (LISA 2000), pp. 109-117, New Orleans, Louisiana, USA: The USENIX Association.

Hall, D. L., & Jordan, J. M. (2010). Human-centered information fusion. Boston: Artech House.

Nass, C., Steuer, J., & Tauber, E. R. (1994). Computers are social actors, in Proceedings of CHI 1994, Boston, MA. ACM Digital Library.

Hermann, T., Hunt, A. D., & Neuhoff, J. (2011). (Eds.), The Sonification Handbook. Berlin: Logos Verlag.

Kirke, A., & Miranda, E. (2013). Pulsed melodic processing – the use of melodies in affective computations for increased processing transparency, in Music and Human-Computer Interaction (S. Holland, K. Wilkie, P. Mulholland, and A. Seago, eds.), pp. 171–188, Springer London.

Kuehn, C. (2012). Time-scale and noise optimality in self-organized critical adaptive networks, Phys. Rev. E (85) 2, February.

Leland, W. E., Taqqu, M. S., Willinger, W., & Wilson, D. V. (1993). On the self-similar nature of Ethernet traffic, SIGCOMM Comput. Commun. Rev., (23) 4, pp. 183–193.

Marsh, S., Briggs, P., El-Khatib, K., Esfandiari, B., & Stewart, J. A. (2011). Defining and Investigating Device Comfort, Journal of Information Processing, IPSJ, (19), pp. 231-252.

Ministry of Defence. (2010). MoD. Army Doctrine Publication – Operations. UK Ministry of Defence, 2010. Accessed February 5, 2014, from https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/33695/ADPOperationsDec10.pdf.

Okathe, T., El-Khatib, K., Storer, T., Marsh, S., & Heydari, S. S. (2013). Scalable Light-Weight Peer-to-Peer Risk Communication Framework for Critical Infrastructures Management, submitted to CRITIS 2013: 8th International Workshop on Critical Information Infrastructures Security.

Reeves, B., & Clifford Nass, C. (1996). The Media Equation: How People Treat Computers, Television, and New Media Like Real People and Places. Cambridge University Press.

Smith, K. T. (2013). Building a human capability decision engine. In Contemporary Ergonomics and Human Factors 2013 Proceedings of the international conference on Ergonomics & Human Factors 2013, pp. 395–402, Accessed February 5, 2014, from http://www.crcnetbase.com/doi/abs/10.1201/b13826-84, 2013.

Storer, T., Marsh, S., Noel, S., Esfandiari, B., El-Khatib, K., Briggs, P., Renaud, K., & Vefa-Bicakci, M. (2013). Encouraging Second Thoughts: Obstructive User Interfaces for Raising Security Awareness, 11th Annual Conference in Privacy Security and Trust. PST 2013. Tarragona, Catalonia.

Tanviruzzaman, M., Ahamed, S. I., Hasana, C. S., & O’Brien, C. (2009). ePet: When cellular phone learns to recognize its owner, Proc SafeConfig ’09, pp. 13-17.

UK Patent Application no. GB1205564.6 filed on 29 March 2012.

Valverde, S., & Solé, R. V. (2002). Self-organized critical traffic in parallel computer networks. Physica A 312, pp. 636–648.

Vickers, P. (2012). Ways of listening and modes of being: Electroacoustic auditory display, Journal of Sonic Studies, Vol. 2 (1). Accessed February 5, 2014, from http://journal.sonicstudies.org/vol02/nr01/a04, 2012.

Vickers, P. (2011). Sonification for process monitoring. In T. Hermann, A. D. Hunt, & J. Neuhoff (Ed.), The Sonification Handbook, pp. 455–492, Logos Verlag, Berlin, 2011.

Winters, R. M., & Wanderley, M. M. (2013) Sonification of emotion: Strategies for continuous display of arousal and valence, in Proceedings of the 3rd International Conference on Music and Emotion (ICME3) (G. Luck and O. Brabant, eds.), (Jyväskylä, Finland), 11–15 June.

Yang, C. X., Jiang, S. M., Zhou, T., Wang, B. H., & Zhou, P. L. (2006). Self-organized criticality of computer network traffic, in Communications, Circuits and Systems Proceedings, 2006 International Conference, volume 3, pp. 1740–1743. IEEE, 25–28 June.